kernel: io_uring/rsrc: reject zero-length fixed buffer import

A flaw was found in the Linux kernel's iouring subsystem. A local attacker can exploit a vulnerability in the ioimportfixed function by importing a zero-length fixed buffer. This can lead to an out-of-bounds read from slab memory, potentially resulting in information disclosure or a denial of...

Exploit for Untrusted Pointer Dereference in Microsoft

CVE-2026-40369: Defensive Analysis of the 12-Byte Windows Kern...

CLSA-2026-1778772686 libsoup: Fix of CVE-2026-2369

CVE-2026-2369: fix integer underflow in sniffunknown on zero-length buffer that caused an out-of-bounds read in the content sniffer...

CLSA-2026-1778662869 libsoup: Fix of CVE-2026-2369

CVE-2026-2369: fix integer underflow in sniffunknown on zero-length buffer that caused an out-of-bounds read in the content sniffer...

PT-2026-38307

Name of the Vulnerable Software and Affected Versions fast-jwt versions prior to 6.2.4 Description An authentication bypass exists in the asynchronous key-resolver flow. When an application's key resolver returns an empty string '' or a zero-length Buffer, the software converts this to a...

CLSA-2026-1777659767 libsoup: Fix of CVE-2026-2369

CVE-2026-2369: fix integer underflow in sniffunknown on zero-length buffer that caused an out-of-bounds read in the content sniffer...

CVE-2026-43006

A flaw was found in the Linux kernel's iouring subsystem. A local attacker can exploit a vulnerability in the ioimportfixed function by importing a zero-length fixed buffer. This can lead to an out-of-bounds read from slab memory, potentially resulting in information disclosure or a denial of...

CVE-2026-43006

In the Linux kernel, the following vulnerability has been resolved: iouring/rsrc: reject zero-length fixed buffer import validatefixedrange admits bufaddr at the exact end of the registered region when len is zero, because the check uses strict greater-than bufend imu-ubuf + imu-len. ioimportfixe...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from bvec skipping a logical out-of-bounds read during a zero-length fixed buffer import in iouring rsrc, which...

CVE-2025-66037

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, feeding a crafted input to the fuzzpkcs15reader harness causes OpenSC to perform an out-of-bounds heap read in the X.509/SPKI handling path. Specifically, scpkcs15pubkeyfromspkifields allocates a zero-length buffer...

EUVD-2003-0425

Malware in sbrugna...

EUVD-2016-7412

Malware in sbrugna...

PT-2026-29081

Name of the Vulnerable Software and Affected Versions OpenSC versions prior to 0.27.0 Description OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, providing a crafted input to the fuzz pkcs15 reader harness results in an out-of-bounds heap read within the...

Google Golang 安全漏洞

Google Golang is a static strongly typed, compiled language from Google.Go's syntax is close to that of C, but differs with respect to variable declarations.Go supports garbage collection.Go's parallel model is based on Tony Hall's Communicating Sequential Processes CSP, and other languages that...

AZL-57755 CVE-2022-48703 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: thermal/int340xthermal: handle datavault when the value is ZEROSIZEPTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup returns ZEROSIZEPTR 0x10. Then the datavaultread got NULL...

CVE-2022-48703 thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR

In the Linux kernel, the following vulnerability has been resolved: thermal/int340xthermal: handle datavault when the value is ZEROSIZEPTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup returns ZEROSIZEPTR 0x10. Then the datavaultread got NULL...

CVE-2022-48703 thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR

In the Linux kernel, the following vulnerability has been resolved: thermal/int340xthermal: handle datavault when the value is ZEROSIZEPTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup returns ZEROSIZEPTR 0x10. Then the datavaultread got NULL...

SUSE CVE-2003-0431

The tvbgetnstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences...

DEBIAN-CVE-2012-3461

The 1 otrlbase64otrdecode function in src/b64.c; 2 otrlprotodatareadflags and 3 otrlprotoacceptdata functions in src/proto.c; and 4 decode function in toolkit/parse.c in libotr before 3.2.1 allocates a zero-length buffer when decoding a base64 string, which allows remote attackers to cause a deni...

PT-2003-1622 · Ethereal · Ethereal

Name of the Vulnerable Software and Affected Versions: Ethereal versions 0.9.12 and earlier Description: The tvb get nstringz0 function does not properly handle a zero-length buffer size, which may have unknown consequences. Recommendations: For Ethereal versions 0.9.12 and earlier, at the moment...